Proposed additional GDPR enforcement rules (LIBE Report): compatibility with the Charter of Fundamental Rights and consistency with the GDPR
This legal analysis was commissioned by the Computer & Communications Industry Association (CCIA Europe). The opinions offered herein are purely those of the author, and do not necessarily represent the views of CCIA Europe.
Schrems III: Gauging the Validity of the GDPR Adequacy Decision for the United States
The EU Court of Justice’s (CJEU) July 2020 Schrems II decision generated significant uncertainty, as well as enforcement actions in various EU countries, as it questioned the lawfulness of transferring data to the United States under the General Data Protection Regulation (GDPR)1 while relying on “standard contractual clauses.
MEV on Ethereum: A Policy Analysis
Download from SSRN In cryptocurrency markets, maximal extractable value (“MEV”) is typically defined as “excess profit that a miner [validator] can extract by adjusting execution of user transactions.” MEV extraction has slowly been gaining broader recognition, e.
Report on the UK Online Safety Bill
with Matthew Lesh The draft Online Safety Bill presents a significant threat to freedom of speech, privacy and innovation. ‘Safety’ has been prioritised over freedom. The Bill’s proponents wrongly assume it is possible to remove ‘bad’ content without negatively impacting on the ‘good’ and that platforms, not users, are responsible for ‘harms’.
Report on the definition of ‘AI’ in the EU AI Regulation
with Ben Mueller The EU’s proposed Artificial Intelligence Act (AIA) would create a risk-based framework for regulating AI, with designated “high-risk” sectors subject to a long list of rules that regulate how firms can design, train, and deploy AI systems.
Reports on the EU Digital Services Act
I continue to analyse the proposed EU Digital Services Act as it is being debated in the EU legislature. So far, I have published the following reports: ‘The Digital Services Act and Small and Medium Enterprises as users of online services’ (EPICENTER policy brief, 13 October 2021).
The Great Transatlantic Data Disruption
with Kristian Stout (Director of Innovation Policy, International Center for Law & Economics) and Michael Mandel (Vice President and Chief Economist, Progressive Policy Institute) The full text of the paper can be downloaded here.
Regulating for Cybersecurity
in Polish, with Maciej Troć The full text of the report (in Polish) can be downloaded here. This report gives on overview of the problem of cybersecurity and discusses four models of regulation aimed at improving cybersecurity relevant for Poland and the European Union.
How to Protect Consumer Privacy and Data Security in the Age of 5G?
with Fred Roeder Published in Brazilian Portuguese (Pedro Gonet Branco tr) as ‘Como proteger a privacidade do consumidor e a segurança de dados na era do 5g?’ (2019) 16 Revista dos Estudantes de Direito da Universidade de Brasília (RED|UnB)
The Core Issue in Miller: The Relevance of Section 1 of the 1972 Act

The legal controversy in the Miller case may now be distilled in the following way. The government argues that it has a general power to withdraw from treaties, which it certainly does. The claimants argue that the executive does not have a power to frustrate a statute, which it certainly does not. The government argues that Parliament legislated in 1972 (and afterwards) against the background of a settled practice that the power of the Crown to withdraw from treaties is untrammelled. The claimants respond that there was never such a treaty as the set of EU Treaties and hence the previous practice is irrelevant.

This paper suggests that the correct interpretation of s. 1 of the European Communities Act 1972 [‘ECA’] strengthens the government position in Miller. The paper does so by explaining the legislative choice expressed in s. 1 ECA with the aid of the clear interpretative statements made in Parliament by government representatives during the legislative work on what became the ECA.